HsOpenSSL 0.11.6.2 → 0.11.7
raw patch · 4 files changed
+41/−6 lines, 4 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
+ OpenSSL.Session: contextSetDefaultVerifyPaths :: SSLContext -> IO ()
Files
- ChangeLog +9/−0
- HsOpenSSL.cabal +1/−1
- OpenSSL/Cipher.hsc +4/−2
- OpenSSL/Session.hsc +27/−3
ChangeLog view
@@ -1,3 +1,12 @@+2021-04-19 Vladimir Shabanov <dev@vshabanov.com>++ * HsOpenSSL.cabal (Version): Bump version to 0.11.7++ * Added Session.contextSetDefaultVerifyPaths+ by Alexander Biehl @alexbiehl (#59)++ * Fix for LibreSSL (#58)+ 2021-04-05 Vladimir Shabanov <dev@vshabanov.com> * HsOpenSSL.cabal (Version): Bump version to 0.11.6.1
HsOpenSSL.cabal view
@@ -10,7 +10,7 @@ systems and stable. You may also be interested in the @tls@ package, <http://hackage.haskell.org/package/tls>, which is a pure Haskell implementation of SSL.-Version: 0.11.6.2+Version: 0.11.7 License: PublicDomain License-File: COPYING Author: Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen
OpenSSL/Cipher.hsc view
@@ -1,3 +1,6 @@+#include "HsOpenSSL.h"+#include "openssl/aes.h"+ {-# LANGUAGE EmptyDataDecls #-} {-# LANGUAGE ForeignFunctionInterface #-} -- | This module interfaces to some of the OpenSSL ciphers without using@@ -21,8 +24,7 @@ #endif ) where-#include "HsOpenSSL.h"-#include "openssl/aes.h"+ import Control.Monad (when, unless) import Data.IORef import Foreign
OpenSSL/Session.hsc view
@@ -26,6 +26,7 @@ , contextCheckPrivateKey , VerificationMode(..) , contextSetVerificationMode+ , contextSetDefaultVerifyPaths , contextSetCAFile , contextSetCADirectory , contextGetCAStore@@ -78,7 +79,7 @@ ) where -#include "openssl/ssl.h"+#include "HsOpenSSL.h" import Prelude hiding ( #if !MIN_VERSION_base(4,6,0)@@ -308,6 +309,27 @@ _ssl_set_verify_mode ctx mode $ fromMaybe nullFunPtr newCb return () +foreign import ccall unsafe "SSL_CTX_set_default_verify_paths"+ _ssl_set_default_verify_paths :: Ptr SSLContext_ -> IO CInt++-- | Specifies that the default locations from which CA certificates are loaded+-- should be used. There is one default directory and one default file.+--+-- The default CA certificates directory is called "certs" in the default OpenSSL+-- directory. Alternatively the SSL_CERT_DIR environment variable can be defined+-- to override this location.+--+-- The default CA certificates file is called "cert.pem" in the default OpenSSL+-- directory. Alternatively the SSL_CERT_FILE environment+-- variable can be defined to override this location.+--+-- See <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html> for+-- more information.+contextSetDefaultVerifyPaths :: SSLContext -> IO ()+contextSetDefaultVerifyPaths context =+ withContext context $ \ctx ->+ _ssl_set_default_verify_paths ctx >>= failIf_ (/= 1)+ foreign import ccall unsafe "SSL_CTX_load_verify_locations" _ssl_load_verify_locations :: Ptr SSLContext_ -> Ptr CChar -> Ptr CChar -> IO CInt @@ -501,11 +523,13 @@ (#const SSL_ERROR_WANT_CONNECT) -> "SSL_ERROR_WANT_CONNECT" (#const SSL_ERROR_WANT_ACCEPT) -> "SSL_ERROR_WANT_ACCEPT" (#const SSL_ERROR_WANT_X509_LOOKUP) -> "SSL_ERROR_WANT_X509_LOOKUP"-#if OPENSSL_VERSION_NUMBER >= 0x10100000L+#if defined(SSL_ERROR_WANT_ASYNC) (#const SSL_ERROR_WANT_ASYNC) -> "SSL_ERROR_WANT_ASYNC"+#endif+#if defined(SSL_ERROR_WANT_ASYNC_JOB) (#const SSL_ERROR_WANT_ASYNC_JOB) -> "SSL_ERROR_WANT_ASYNC_JOB" #endif-#if OPENSSL_VERSION_NUMBER >= 0x10101000L+#if defined(SSL_ERROR_WANT_CLIENT_HELLO_CB) (#const SSL_ERROR_WANT_CLIENT_HELLO_CB) -> "SSL_ERROR_WANT_CLIENT_HELLO_CB" #endif (#const SSL_ERROR_SYSCALL) -> "SSL_ERROR_SYSCALL"